verdnatura/salix
verdnatura
/
salix
3
5
Fork 0
Code Issues Pull Requests 62 Releases Wiki Activity

5488-use_checkAccessAcl #1482

Merged
alexm merged 32 commits from 5488-use_checkAccessAcl into dev 2023-05-29 05:20:29 +00:00
Conversation 0 Commits 32 Files Changed 39 +13 -18
6 changed files with 13 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 08fcbebbaf - Show all commits

14
db/changes/232001/00-useSpecificsAcls.sql
View File

@ -27,8 +27,7 @@ INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `pri
('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'), ('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'),
('Worker', 'isTeamBoss', 'WRITE', 'ALLOW', 'ROLE', 'teamBoss'), ('Worker', 'isTeamBoss', 'WRITE', 'ALLOW', 'ROLE', 'teamBoss'),
('Worker', 'forceIsSubordinate', 'READ', 'ALLOW', 'ROLE', 'hr'), ('Worker', 'forceIsSubordinate', 'READ', 'ALLOW', 'ROLE', 'hr'),
('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager');
('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee');
alexm marked this conversation as resolved Outdated
alexm commented 2023-05-11 08:20:16 +00:00
Outdated
Review
Copy Link

SalesPerson

SalesPerson
DELETE FROM `salix`.`ACL` DELETE FROM `salix`.`ACL`
alexm commented 2023-05-10 12:11:47 +00:00
Outdated
Review
Copy Link

De aci cap a baix estan els ACLs que he tingut que donar per a que funcione tot despres de llevar els ACLs de
He intententat ficarlos lo mes precis posible per sino ho he vist clar he dixat employee
Si vegeu alguno per a canviar poseumeu pls

De aci cap a baix estan els ACLs que he tingut que donar per a que funcione tot despres de llevar els ACLs de He intententat ficarlos lo mes precis posible per sino ho he vist clar he dixat employee Si vegeu alguno per a canviar poseumeu pls
WHERE WHERE
@ -38,15 +37,16 @@ DELETE FROM `salix`.`ACL`
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES VALUES
('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
jgallego commented 2023-05-16 14:39:20 +00:00
Outdated
Review
Copy Link

Jo en el meu he posat el exists també, no se si cal posarlo ara o esperar a que es gaste

Jo en el meu he posat el exists també, no se si cal posarlo ara o esperar a que es gaste
alexm commented 2023-05-17 11:43:22 +00:00
Outdated
Review
Copy Link

/exists sols he vist q ho gaste el model account i workerDisableExcludeds. Si no es gasta no el donaria de moment

/exists sols he vist q ho gaste el model account i workerDisableExcludeds. Si no es gasta no el donaria de moment
('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson'),
alexm marked this conversation as resolved Outdated
alexm commented 2023-05-11 08:12:38 +00:00
Outdated
Review
Copy Link

SalesPerson

SalesPerson
('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
alexm marked this conversation as resolved Outdated
alexm commented 2023-05-11 08:12:58 +00:00
Outdated
Review
Copy Link

SalesPerson

SalesPerson
('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager'); ('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager');
DELETE FROM `salix`.`ACL` DELETE FROM `salix`.`ACL`

2
e2e/paths/06-claim/05_summary.spec.js
View File

@ -17,7 +17,7 @@ describe('Claim summary path', () => {
}); });
it('should navigate to the target claim summary section', async() => { it('should navigate to the target claim summary section', async() => {
await page.loginAndModule('employee', 'claim'); await page.loginAndModule('salesPerson', 'claim');
await page.accessToSearchResult(claimId); await page.accessToSearchResult(claimId);
await page.waitForState('claim.card.summary'); await page.waitForState('claim.card.summary');
}); });

2
e2e/paths/06-claim/06_descriptor.spec.js
View File

@ -16,7 +16,7 @@ describe('Claim descriptor path', () => {
}); });
it('should now navigate to the target claim summary section', async() => { it('should now navigate to the target claim summary section', async() => {
await page.loginAndModule('employee', 'claim'); await page.loginAndModule('salesPerson', 'claim');
await page.accessToSearchResult(claimId); await page.accessToSearchResult(claimId);
await page.waitForState('claim.card.summary'); await page.waitForState('claim.card.summary');
}); });

1
modules/ticket/back/methods/ticket/transferSales.js
View File

@ -3,6 +3,7 @@ let UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('transferSales', { Self.remoteMethodCtx('transferSales', {
description: 'Transfer sales to a new or a given ticket', description: 'Transfer sales to a new or a given ticket',
accessType: 'WRITE',
accepts: [{ accepts: [{
arg: 'id', arg: 'id',
type: 'number', type: 'number',

10
modules/worker/back/methods/worker/isSubordinate.js
View File

@ -31,15 +31,9 @@ module.exports = Self => {
Object.assign(myOptions, options); Object.assign(myOptions, options);
const mySubordinates = await Self.mySubordinates(ctx, myOptions); const mySubordinates = await Self.mySubordinates(ctx, myOptions);
const isSubordinate = mySubordinates.find(subordinate => { const isSubordinate = mySubordinates.some(subordinate => subordinate.workerFk == id);
return subordinate.workerFk == id;
});
const forceIsSubordinate = await models.ACL.checkAccessAcl(ctx, 'Worker', 'forceIsSubordinate', 'READ'); const forceIsSubordinate = await models.ACL.checkAccessAcl(ctx, 'Worker', 'forceIsSubordinate', 'READ');
if (forceIsSubordinate || isSubordinate) return forceIsSubordinate || isSubordinate;
return true;
return false;
}; };
}; };

2
modules/zone/back/methods/zone/includingExpired.js
View File

@ -35,7 +35,7 @@ module.exports = Self => {
&& where.agencyModeFk && where.warehouseFk; && where.agencyModeFk && where.warehouseFk;
if (filterByAvailability) { if (filterByAvailability) {
const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'editDiscount'); const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'seeExpired');
alexm marked this conversation as resolved Outdated
jgallego commented 2023-05-10 13:40:07 +00:00
Outdated
Review
Copy Link

açò es correcte? es diuen distint

açò es correcte? es diuen distint
let showExpired = false; let showExpired = false;
if (canSeeExpired.length) showExpired = true; if (canSeeExpired.length) showExpired = true;